Author: jsuchome
Date: Fri Nov 7 15:45:37 2008
New Revision: 53071
URL: http://svn.opensuse.org/viewcvs/yast?rev=53071&view=rev
Log:
- check pam-config output more carefully
- remove GROUP_ENCRYPTION from levels
- do not check service values against levels
Modified:
trunk/security/src/Security.ycp
trunk/security/src/complex.ycp
trunk/security/src/levels.ycp
Modified: trunk/security/src/Security.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/Security.ycp?rev=53071&r1=53070&r2=53071&view=diff
==============================================================================
--- trunk/security/src/Security.ycp (original)
+++ trunk/security/src/Security.ycp Fri Nov 7 15:45:37 2008
@@ -123,7 +123,7 @@
"LASTLOG_ENAB" : "yes",
"OBSCURE_CHECKS_ENAB" : "yes",
"PASSWD_ENCRYPTION" : "blowfish",
- "GROUP_ENCRYPTION" : "des",
+ "GROUP_ENCRYPTION" : "md5",
"PASSWD_USE_CRACKLIB" : "yes",
"PASS_MAX_DAYS" : "99999",
"PASS_MIN_DAYS" : "0",
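Review bot: The new default `"md5"` for GROUP_ENCRYPTION is still weaker than the `"blowfish"` used for PASSWD_ENCRYPTION two lines above, and nothing in the hunk explains why the two differ. The comment added in the next hunk says GROUP_ENCRYPTION has no UI for changing it, so this default is presumably what most installations keep. If md5 is the strongest scheme the group-password tooling accepts, a comment such as `// md5: strongest hash supported for group passwords (confirm)` would record that; otherwise consider aligning the value with PASSWD_ENCRYPTION. The enclosing map starts and ends outside the hunk.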
@@ -157,6 +157,14 @@
// the original settings
map Settings_bak = Settings;
+// keys that should not be tested against predefined levels:
+// - GROUP_ENCRYPTION does not have UI for changing
+// - RUNLEVEL*_SERVICES have different syntax, are not saved in current form
+list<string> do_not_test = [ "GROUP_ENCRYPTION",
+ "RUNLEVEL3_MANDATORY_SERVICES", "RUNLEVEL5_MANDATORY_SERVICES",
+ "RUNLEVEL3_EXTRA_SERVICES", "RUNLEVEL5_EXTRA_SERVICES"
+];
+
/**
* Security settings locations
*/
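Review bot: `do_not_test` is declared without `global`, yet the complex.ycp hunk of this commit reads it as `Security::do_not_test`. Unless the symbol is exported somewhere outside the visible lines, that cross-file lookup will probably not resolve. Declaring it as `global list<string> do_not_test = [` would match how `Summary()` is exported further down. The comment above the list is helpful; it could also say that the list is consumed by both `Summary()` and the main dialog in complex.ycp.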
@@ -432,14 +440,14 @@
Settings ["PASSWD_REMEMBER_HISTORY"] = "0";
foreach (string val, pam_check_settings, {
list lval = splitstring (val, "=");
- if (issubstring (val, "minlen"))
+ if (issubstring (val, "minlen") && lval[1]:"" != "")
Settings ["PASS_MIN_LEN"] = lval[1]:"5";
/* use cracklib? */
if (issubstring (val, "cracklib")) {
- Settings ["CRACKLIB_DICT_PATH"] = lval[1]:"/usr/lib/cracklib_dict";
+ Settings ["CRACKLIB_DICT_PATH"] = lval[1]:"/usr/lib/cracklib_dict";
Settings ["PASSWD_USE_CRACKLIB"] = "yes";
}
- if (issubstring (val, "remember="))
+ if (issubstring (val, "remember=") && lval[1]:"" != "")
Settings ["PASSWD_REMEMBER_HISTORY"] = lval[1]:"0";
});
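Review bot: The cracklib branch still assigns `lval[1]` without the empty-value check that this hunk adds for `minlen` and `remember=`. A token containing "cracklib" with an empty right-hand side would presumably store `""` as CRACKLIB_DICT_PATH, because the `:"/usr/lib/cracklib_dict"` fallback only applies when the index is missing. Guarding it the same way, `if (lval[1]:"" != "") Settings ["CRACKLIB_DICT_PATH"] = lval[1]:"";`, keeps an empty pam-config value from replacing the known path. With the new guards the `:"5"` and `:"0"` fallbacks can no longer be reached, and the accepted values are not checked to be numeric before being stored as password-policy settings. The enclosing function starts and ends outside the hunk.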
@@ -675,11 +683,16 @@
*/
global define list Summary() {
+ map settings = Security::Settings;
+ foreach (string key, Security::do_not_test, {
+ settings = remove (settings, key);
+ });
+
/* Determine current settings */
any current = `custom;
maplist(string key, map level, Levels, {
y2debug("%1=%2", key, level);
- if(level == Settings)
+ if(level == settings)
current = key;
});
y2debug("%1=%2", current, Settings);
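Review bot: Only the `settings` side of `level == settings` is stripped of the `do_not_test` keys; each `level` map is compared as-is. The levels.ycp hunks in this commit drop GROUP_ENCRYPTION, but no visible hunk touches the RUNLEVEL*_SERVICES keys, so if any level map still carries one of them the equality can never hold and `current` stays `` `custom ``. Filtering the level with the same list before comparing would make the test independent of what levels.ycp contains, for example `map l = filter (string k, any v, level, { return !contains (Security::do_not_test, k); });`. The same applies to the identical loop in the complex.ycp hunk. The closing `y2debug` still logs the unfiltered `Settings`, which makes a mismatch harder to read from the log.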
Modified: trunk/security/src/complex.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/complex.ycp?rev=53071&r1=53070&r2=53071&view=diff
==============================================================================
--- trunk/security/src/complex.ycp (original)
+++ trunk/security/src/complex.ycp Fri Nov 7 15:45:37 2008
@@ -55,14 +55,19 @@
string caption = _("Local Security Configuration");
string help = HELPS["main"]:"";
+ map settings = Security::Settings;
+ foreach (string key, Security::do_not_test, {
+ settings = remove (settings, key);
+ });
+
/* Determine current settings */
any current = `custom;
maplist(string key, map level, Levels, ``{
y2debug("%1=%2", key, level);
- if(level == Security::Settings)
+ if(level == settings)
current = key;
});
- y2debug("%1=%2", "curren", Security::Settings);
+ y2debug("%1=%2", current, Security::Settings);
/* Create RB group from the list of settings */
term RB = `VBox();
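Review bot: The four lines that copy `Security::Settings` and remove the `do_not_test` keys are a verbatim duplicate of the lines added to `Summary()` in Security.ycp. The two copies decide which security level the UI and the summary report, so they should not be able to drift apart. A single exported helper in the Security module that returns the filtered map, called from both places, would keep them consistent. A short comment above the loop, such as `// ignore keys that cannot be compared against the predefined levels`, would also help, since the explanation currently lives only next to the list definition in the other file. The enclosing function starts and ends outside the hunk.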
Modified: trunk/security/src/levels.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/levels.ycp?rev=53071&r1=53070&r2=53071&view=diff
==============================================================================
--- trunk/security/src/levels.ycp (original)
+++ trunk/security/src/levels.ycp Fri Nov 7 15:45:37 2008
@@ -56,6 +56,7 @@
"Level1" : $[
"CONSOLE_SHUTDOWN" : "reboot",
+ "CRACKLIB_DICT_PATH" : "/usr/lib/cracklib_dict",
"CWD_IN_ROOT_PATH" : "no",
"CWD_IN_USER_PATH" : "no",
"DISPLAYMANAGER_REMOTE_ACCESS" : "no",
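Review bot: Adding `"CRACKLIB_DICT_PATH" : "/usr/lib/cracklib_dict"` to Level1 makes a filesystem path part of the whole-map equality used to detect the current level. Security.ycp fills this key from pam-config output, so a system whose dictionary lives elsewhere would presumably never match Level1 and would always be reported as custom. Only Level1 visibly gains the key in this commit; if the other levels do not already define it, they cannot match a Settings map that contains it. Since the path is not a security level property, listing `"CRACKLIB_DICT_PATH"` in `do_not_test` may be a better fit than hard-coding it per level. The level map continues outside the hunk.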
@@ -63,7 +64,6 @@
"FAIL_DELAY" : "1",
"GID_MAX" : "60000",
"GID_MIN" : "1000",
- "GROUP_ENCRYPTION" : "des",
"DISPLAYMANAGER_SHUTDOWN" : "all",
"LASTLOG_ENAB" : "yes",
"OBSCURE_CHECKS_ENAB" : "yes",
@@ -107,7 +107,6 @@
"FAIL_DELAY" : "6",
"GID_MAX" : "60000",
"GID_MIN" : "1000",
- "GROUP_ENCRYPTION" : "des",
"DISPLAYMANAGER_SHUTDOWN" : "root",
"LASTLOG_ENAB" : "yes",
"OBSCURE_CHECKS_ENAB" : "yes",
@@ -151,7 +150,6 @@
"FAIL_DELAY" : "3",
"GID_MAX" : "60000",
"GID_MIN" : "1000",
- "GROUP_ENCRYPTION" : "des",
"DISPLAYMANAGER_SHUTDOWN" : "root",
"LASTLOG_ENAB" : "yes",
"OBSCURE_CHECKS_ENAB" : "yes",